UPnP technology was envisioned for deployment in a protected local area network (LAN). The technology allows for devices to connect to a shared LAN, discover each other's capabilities and control the functions in another device.
Since its inception, the UPnP standard has been expanded to support remote access through the UPnP Remote Access Architecture (see, Remote Access Architecture: 1, For UPnP Version 1.0, Sep. 30, 2009). This standard describes various components and mechanisms that enable remote access to a UPnP domain, and allows a device which is not connected to the same LAN as the other devices to be added to the UPnP domain for seamless integration with the other devices.
According to the UPnP Remote Access architecture, the interconnecting remote access servers are located within the UPnP network domains to which these servers enable access. For example, a UPnP remote access server can be configured in or alongside the residential gateway to enable connection into the home UPnP network. However, the configuration of the server can become considerably complex if the user has to work with firewalls and various network configurations. The complexity of such configuration is significantly exacerbated if two separate UPnP networks (e.g., two geographically separate homes) are to be connected.
The UPnP Remote Access architecture does not explicitly support firewall configuration, and expects the user to have the technical expertise to perform the configuration. In addition to being a complicated task for the average user, the existing approach can expose an average user to malicious attacks from the Internet, if the user inadvertently opens up the firewall. Additionally, a user is expected to know a publically routable IP address received from the network service provider, and provide the IP address for UPnP signaling to work. This is further complicated if the IP address is obtained dynamically and is not static, which is the most common scenario in residential service.